The mission of Turnaround Security is to tackle “hard problems” in the information security and privacy domains, innovate creative solutions, bring them to market, and offer innovative cyber security information services.
One need not look very far today to see the massive extent of personal, business, and financial data breaches resulting from systems that are not secure and resilient against insider threats, hackers, criminals, terrorist organizations, and adversarial nation states.
This state of insecurity and lack of resilience impacts society in numerous ways. We are at the early stages of the evolution of product liability law pertaining to information security and privacy. Take, for example, mandatory seat belt laws. These laws were passed after a certain level of deaths and expenditures by insurance companies reached the point where the government had to step in. In many businesses, security and privacy hardening by design takes a back seat to getting the product out the door and making a profit. The result is a fragile information technology infrastructure that seems to require billions of dollars per year of products and services provided as bolt-on solutions to this systemic problem. Meanwhile, the personal information of billions of individuals, their financial account details, proprietary information of businesses, and sensitive government data, have fallen into the hands of criminals, terrorist organizations, and adversarial nation states, who certainly do not have our best interests in mind. The lack of individual control and ownership of the disclosure and maintenance of personal private information just further exacerbates the problem. In some cases the breaches extend to one’s family, relatives and friends—even to the point of compromising national security.
We envision a world where security and privacy hardening by design is front-of-mind when defining requirements and designing hardware and software. We envision a world where hacks are precluded by design, systems monitor for and respond to abnormal activity, and where system components work together to form an agile security architecture that is responsive and resilient to attack. We also envision a world where individuals have ownership and control of the disclosure and accuracy of their sensitive personal information. Many people are already working on different aspects of these best practices and solutions. However, they all need to be applied together to be effective. Businesses and industry must continue in this direction prior to the government stepping in and passing changes to product liability law to hold product companies and their business users more strictly accountable for these inherent flaws. We envision a generation that no longer suffers from apathy pertaining to privacy and data breach fatigue—a generation that once again has control over its private information.
There are a number of hard problems that need to be solved to achieve this vision. We aim to Turnaround Security through elementary yet holistic solutions to these problems.
Our principals have experience as Chief Information Security Officer, Enterprise Security Architect, Security Engineer, DevOps Engineer, Process Consultant, Lead Product Demonstrator, Paralegal, Game Developer, and Programmer, and in Electronics Engineering. They have served major corporations and government agencies, including the Department of Homeland Security, The United States Mint, The World Bank Group, Barclays, IBM, General Dynamics C4 Systems, Lockheed Martin, The Vanguard Group of Investment Companies, Chrysler, Visa International, Verizon Communications, United Services Automobile Association (USAA), UnitedHealth Group, U.S. Department of Justice, Hostess Brands, Revlon, Neiman Marcus, and Bloomingdale’s.
The concept that spawned the creation of Turnaround Security has its roots in 2014, when our founder was working as an Enterprise Security Architect on a large government project. The ideas leading to AppSec Designer™ were born when he was faced with development leads who created system security plans that were lacking in quality. Prototypes were built and presented at various Open Web Application Security Project (OWASP) chapter meetings, ShmooCon Epilogue, and the 2016 SABSA conference in Dublin, Ireland. The project has since been turned into an OWASP project.
Our team is composed of three family members, and has been supported by over 12 professionals in various fields, including graphic design, web site development, news, social media, communications, financial management, product development, and advertising.
John M. Willis, Founder & Chief Executive Officer
John M. Willis has been Founder and CEO of Turnaround Security since 2016. He has also been a Chief Information Security Officer for Zermount, supporting the United States Department of Homeland Security (2015-present). John was the Principal Information Security and Privacy Consultant for pINFOSEC, supporting Computer Sciences Corporation, the Centers for Medicare and Medicaid Services, Desjardins, U.S. Department of Homeland Security (DHS) Science & Technology Directorate, CA Technologies, Verizon Telematics, and the DHS Office of the Chief Information Officer (2012-2015). John served as a Chief Information Security Officer for Lockheed Martin, supporting The United States Mint (2011-2012). John was again Principal Information Security and Privacy Consultant for pINFOSEC, supporting The World Bank Group, Barclays, IBM, Harris, U.S. Navy, General Dynamics C4 Systems, Lockheed Martin, and the U.S. Transportation Command (USTRANSCOM) (2006-2011).
While the Principal Configuration Management Consultant of Regulus Consulting, John supported Siemens Health Services Corporation, Rockwell Telecommunications, Ameritech, The Vanguard Group of Investment Companies, Chrysler, Visa International, Sun Microsystems, Pennsylvania Justice Network (JNet), Verizon Communications, United Services Automobile Association (USAA), and UnitedHealth Group from 1996-2006. He was also Configuration Manager and Programmer Analyst for MCI (1993-1996).
John was a Senior Paralegal for Acumenics Research and Technology, supporting the U.S. Department of Justice (1993). He was Inside Director and Membership Coordinator of Environmental Action, Inc. from 1991-1993, and again a Paralegal of Acumenics Research and Technology, supporting the U.S. Department of Justice from 1990-1991. He was a self-employed Technical and Health Policy Consultant from 1986-1990, and Associate Engineer of Marconi Avionics from 1978-1986. John began his professional career as an Electronics Technician for Terminal Equipment Maintenance (1978).
He completed the Chief Information Security Officer Executive (CISO-Executive) certification program at Carnegie Mellon University, H. John Heinz III College (2018). John also holds two Professional Certificates from Stanford University: Strategic Decision and Risk Management (2017); and Advanced Computer Security (2015). He also holds a Paralegal Diploma from Ashworth College.
John is a member of the National Association of Corporate Directors, Association for Corporate Growth, ISACA (Information Systems Audit and Control Association), Northern Virginia Hackers Association, International Association of Privacy Professionals, (ISC)² (International Information System Security Certification Consortium), and InfraGard.
John was also a member of the Armed Forces Communications and Electronics Association (AFCEA), Society of Photo-Optical Instrumentation Engineers (SPIE), and Institute of Electrical and Electronics Engineers (IEEE).
He served as an Advisor on the Nanotechnology Advisory Committee of Northwest Vista College (2008-2011), and as Board Director of Chester County InterLink (CCIL) (2003-2004). John served as President and Legislative Advocate of the Georgia Women’s Coalition for Medical Freedom (1983-1990), and Executive Director of Georgians for Safe Food (1988-1989).
John was a Reviewer for National Electric Sector Cyber Security Organization Resources (NESCOR) (2011-2014), and Legislative Advocate of the Georgia State Association of Naturopathic Physicians (1983-1989). He served as Executive Officer (Secretary), Board Director, Strategic Planning Committee Chair, Financial Committee Member, and Legislative Advocate of Sevananda Natural Foods Cooperative (1986-1988). John also served as Vice President, Board Director, and Legislative Advocate of the Informed Health Care Association of Georgia (1983-1987).
Katherine Willis, Director of Marketing
Katherine has over 30 years of retail consumer sales and marketing experience, supporting major companies such as Hostess Brands, Revlon, Ross Stores, Breyers, Sheraton Hotels and Resorts, Neiman Marcus, and Bloomingdale’s. Katherine provides direction on the marketing of Turnaround Security.
Michael (“Mike”) Willis, Security Systems Engineer
Mike has been programming and working with computers since the age of 11. He enjoys building computers from scratch, including the Gentoo operating system. He is currently pursuing a degree in Cybersecurity. Mike contributed to the development of the prototypes of AppSec Designer™, will be implementing our cloud service, and will be supporting enterprise customers. Mike has been a member of the Northern Virginia Hackers Association since 2011, and attends security conferences such as ShmooCon and BSides DC.